CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: NONE
Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL
EPSS: 0.004 Low (Percentile: 72.9%)
MiniUPnPc is the client library that enables applications to access the services provided by a UPnP “Internet Gateway Device” present on the network.
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running a MiniUPnPc linked application.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-2.0.20170509"
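To confirm whether a host still carries an affected package, before or after the upgrade, the following shell check compares the installed net-libs/miniupnpc version against 2.0.20170509. It is an added example, not part of the original advisory. It assumes `portageq` from Portage and a `sort` that supports `-V`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: check the installed net-libs/miniupnpc against the
# first fixed version named in the advisory above.
FIXED="2.0.20170509"

# Strip the category/name prefix and any Gentoo "-rN" revision from a
# package string, e.g. (constructed) "net-libs/miniupnpc-2.0.20170509-r1"
# becomes "2.0.20170509".
cpv_version() {
    printf '%s\n' "$1" |
        sed -e 's|^net-libs/miniupnpc-||' -e 's|-r[0-9][0-9]*$||'
}

# Return 0 (affected) when version $1 sorts strictly below $FIXED.
# Assumption: sort supports -V (GNU coreutils version sort).
is_affected() {
    [ "$1" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Report the state of the installed package; returns 1 if it is affected.
check_installed() {
    cpv=$(portageq best_version / net-libs/miniupnpc)
    if [ -z "$cpv" ]; then
        echo "net-libs/miniupnpc is not installed"
        return 0
    fi
    ver=$(cpv_version "$cpv")
    if is_affected "$ver"; then
        echo "AFFECTED: $cpv (< $FIXED)"
        return 1
    fi
    echo "OK: $cpv (>= $FIXED)"
}

# Only query Portage when it is present, so the script is safe to source.
if command -v portageq >/dev/null 2>&1; then
    check_installed
else
    echo "portageq not found; run this on the Gentoo host to be checked"
fi
```

The check covers only the system package; an application that bundles its own copy of the library is not detected by it.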
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-libs/miniupnpc | < 2.0.20170509 | UNKNOWN |